<?php
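// Login handler: checks the CAPTCHA stored in the session, looks the user up by
// name, compares the password hash and, on success, fills the session and
// redirects to main.php. Every failure path emits a small script that shows an
// alert and sends the browser back to index.php.
session_start();
header("Content-type: text/html; charset=utf-8");
// NOTE(review): this secret is hard-coded in source, so anyone with read access
// to the repository or a backup has it. It is presumably consumed by
// generate_password() in lib/utils.php (confirm); the value is left untouched
// here because changing it would presumably invalidate stored hashes. Loading
// it from configuration outside the web root is the follow-up.
define("SALT", "7mk?/&j=6^7-$^RIO[JN9F|GK5J#E6WT;!bj30ab-wif4ga~g%7hjg4");
require dirname(__FILE__) . '/lib/crumb.php';
require dirname(__FILE__) . '/lib/utils.php';
require dirname(__FILE__) . '/lib/lib_mysql.php';
$db = new Mysql();

// Any request to this script first drops the previous login state.
$_SESSION["USERID"] = "";
$_SESSION["USERNAME"] = "";

// Accept only string fields: a missing key or an array-valued field
// (username[]=x) becomes "" instead of raising notices or reaching
// preg_replace() / the string comparisons as an array.
$name = (isset($_POST["username"]) && is_string($_POST["username"])) ? $_POST["username"] : "";
// Everything outside [A-Za-z0-9] is stripped. This filter is the only thing
// that keeps the interpolated query below free of quote characters.
$name = preg_replace('/[^A-Za-z0-9]/', '', $name);
$pass = (isset($_POST["userpass"]) && is_string($_POST["userpass"])) ? $_POST["userpass"] : "";
$code = (isset($_POST["code"]) && is_string($_POST["code"])) ? $_POST["code"] : "";

// Read the expected CAPTCHA and invalidate it immediately, so one solved
// CAPTCHA cannot be replayed across many password guesses.
$expected = (isset($_SESSION["SESSION_VALIDATE_CODE"]) && is_scalar($_SESSION["SESSION_VALIDATE_CODE"]))
    ? (string) $_SESSION["SESSION_VALIDATE_CODE"]
    : "";
unset($_SESSION["SESSION_VALIDATE_CODE"]);

// An absent or empty expected code must fail. The previous loose `==` treated
// a missing session value and a missing/empty POST field as equal, which let a
// request skip the CAPTCHA entirely.
if ($expected !== "" && hash_equals($expected, $code)) {
    // NOTE(review): the query is built by interpolation and is safe only
    // because of the whitelist filter on $name above. If the Mysql wrapper
    // offers bound parameters (its API is not visible here), use them.
    $query = "SELECT * FROM kt_user WHERE user_name = '$name'";
    $userobj = $db->get_row($query);
    if ($userobj != null) {
        // Compare as strings in constant time; loose `==` would treat two
        // numeric-looking strings (e.g. "0e...") as equal.
        // NOTE(review): generate_password() is defined outside this file; if
        // it is a fast salted hash, plan a migration to password_hash() /
        // password_verify().
        $stored = (string) $userobj["user_pwd"];
        $supplied = (string) generate_password($pass);
        if ($stored !== "" && hash_equals($stored, $supplied)) {
            // Issue a fresh session id at the privilege change so an id known
            // before login (session fixation) is useless afterwards.
            session_regenerate_id(true);
            // NOTE(review): USERID is filled from the user_salt column;
            // confirm that is the intended identifier.
            $_SESSION["USERID"] = $userobj["user_salt"];
            $_SESSION["USERNAME"] = $userobj["user_name"];
            header("Location: main.php");
            exit;
        } else {
            // Alert text: "wrong password".
            // NOTE(review): this message differs from the "wrong user name"
            // one below, which tells a client whether an account exists.
            echo "<script type=\"text/javascript\">";
            echo "	alert(\"密码错误!\");";
            echo "	window.location.href =\"index.php\";";
            echo "</script>";
        }
    } else {
        // Alert text: "wrong user name".
        echo "<script type=\"text/javascript\">";
        echo "	alert(\"用户名错误!\");";
        echo "	window.location.href =\"index.php\";";
        echo "</script>\n";
    }
} else {
    // Alert text: "wrong verification code".
    echo "<script type=\"text/javascript\">";
    echo "	alert(\"验证码错误!\");\n";
    echo "	window.location.href =\"index.php\";";
    echo "</script>";
}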
?>